anonymous ftp server with admin account over ldap



Hello all,

I'm not sure if this could be done at all, but maybe someone can help 
me with this.

What it should look like in the end is a "chrooted" anonymous 
ftp server in which anonymous can log in to download files and certain 
(privileged) users can log in via ftp with their ldap domain account and 
password to upload files.


Here is, what I've done so far:

Created the chrooted anonymous ftp server:

inetd.conf:
ftp stream tcp nowait root /usr/sbin/chroot /ftp /usr/sbin/in.ftpd -a -d

I've copied (hopefully) all the needed files into the new root 
directory. I don't want to dump them all here, but here are a few to show 
you my config:

/ftp/etc/passwd:
ftp:x:5601:1:Anonymous FTP:/:/bin/sh
ftpadm:x:5602:1:Anonymous FTPadmin:/:/bin/sh

/ftp/etc/shadow:
ftp:*LK*:12741::::::
ftpadm:0980sdfsd098sf:12741::::::

/ftp/etc/pam.conf:
ftp	auth required 	/usr/lib/security/pam_unix.so.1
ftp	account required 	/usr/lib/security/pam_unix.so.1
ftp	session required 	/usr/lib/security/pam_unix.so.1


With this configuration, I'm able to log in as anonymous and as ftpadm. 
This was to make sure that the ftp server works at all as I expected. 
Now here is the problem:

I changed the pam.conf to:
ftp   auth required           /usr/lib/security/pam_ldap.so.1
ftp   account required           /usr/lib/security/pam_ldap.so.1
ftp   session required           /usr/lib/security/pam_ldap.so.1

added the following line to /ftp/etc/passwd (the user test is known in 
the ldap domain):
test:x:5103:1:Anonymous FTPadmin:/:/bin/sh

And I've copied the /var/ldap dir to /ftp/var/ldap

The passwd line in /ftp/etc/nsswitch.conf stays on files.

So, my thought at this point was to get the login information from the 
/ftp/etc/passwd file and with changing the /ftp/etc/pam.conf get the 
authentication from the ldap domain.


Unfortunately, if I try to log in via an ftp session, I get

ftp ftphost
Connected to ftphost.
220 ftphost FTP server (Version wu-2.6.2+Sun) ready.
Name (ftphost:root): test
331 Password required for test.
Password:
530 Login incorrect.
Login failed.
ftp>

And a line drops into the /var/adm/messages:
Nov 19 12:57:16 volvo ftpd[7159]: [ID 293258 daemon.error] libsldap: 
Status: 2
Mesg: Unable to load configuration '/var/ldap/ldap_client_file' ('').


Any help would be greatly appreciated.

Wolfgang
Reply wolfgang.mair (5) 11/19/2004 12:51:17 PM

wolfgang mair <wolfgang.mair@fci.com> writes:

> And a line drops into the /var/adm/messages:
> Nov 19 12:57:16 volvo ftpd[7159]: [ID 293258 daemon.error] libsldap: 
> Status: 2
> Mesg: Unable to load configuration '/var/ldap/ldap_client_file' ('').

Do you have a copy of /var/ldap/ldap_client_file in the chrooted environment?

-- 
Atro Tossavainen (Mr.)               / The Institute of Biotechnology at
Systems Analyst, Techno-Amish &     / the University of Helsinki, Finland,
+358-9-19158939  UNIX Dinosaur     / employs me, but my opinions are my own.
< URL : http : / / www . helsinki . fi / %7E atossava / > NO FILE ATTACHMENTS
Reply Atro 11/19/2004 2:01:29 PM


Atro Tossavainen <Atro.Tossavainen+news@helsinki.finland.invalid> wrote in message news:<pgzzn1ex7ie.fsf@kruuna.Helsinki.FI>...
> wolfgang mair <wolfgang.mair@fci.com> writes:
> 
> > And a line drops into the /var/adm/messages:
> > Nov 19 12:57:16 volvo ftpd[7159]: [ID 293258 daemon.error] libsldap: 
> > Status: 2
> > Mesg: Unable to load configuration '/var/ldap/ldap_client_file' ('').
> 
> Do you have a copy of /var/ldap/ldap_client_file in the chrooted environment?

Sorry, it took me a while. (Had some problems with my news server)
Here you go:

NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 192.168.110.14
NS_LDAP_SEARCH_BASEDN= dc=muco,dc=de
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_REF= FALSE
NS_LDAP_SEARCH_SCOPE= one
NS_LDAP_SEARCH_TIME= 30
NS_LDAP_CACHETTL= 43200
NS_LDAP_PROFILE= profile1
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_BIND_TIME= 10

Wolfgang
Reply wolfgang 11/23/2004 10:14:30 AM
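As an added example (not from any of the posts above, and not Solaris' own tooling): a small sh script that checks an FTP chroot such as /ftp for copies of the files this thread relies on, and that reads an ldap_client_file like the one posted and prints the two points a reviewer would raise about it. The file paths come from the thread; the statement that credential level "proxy" also needs /var/ldap/ldap_client_cred inside the jail is my assumption about Solaris native LDAP, not something the thread says.

```shell
#!/bin/sh
# Added example (not from the thread): check an FTP chroot such as /ftp for the
# files the posted PAM/LDAP setup reads, then review its ldap_client_file.
# Files the thread itself places inside the chroot.
CHROOT_FILES="/etc/passwd /etc/shadow /etc/pam.conf /etc/nsswitch.conf
/usr/lib/security/pam_ldap.so.1 /var/ldap/ldap_client_file"

# check_chroot JAIL [HOSTROOT]: prints MISSING or UNREADABLE for each absent
# copy and DIFFERS when the jail copy no longer matches the host file. Run it
# as the uid ftpd uses. Returns 0 when nothing was reported, 1 otherwise.
check_chroot() {
    jail=$1; host=${2:-}; bad=0
    for f in $CHROOT_FILES; do
        t="$jail$f"
        if [ ! -e "$t" ]; then echo "MISSING    $t"; bad=1
        elif [ ! -r "$t" ]; then echo "UNREADABLE $t"; bad=1
        elif [ -f "$host$f" ] && ! cmp -s "$host$f" "$t"; then
            echo "DIFFERS    $t (does not match $host$f)"; bad=1
        fi
    done
    return $bad
}

# ldap_client_notes FILE: reads "KEY= value" lines from a Solaris-style
# ldap_client_file and prints review notes; returns the number printed.
# Assumption (not from the thread): with credential level "proxy", libsldap
# also reads the bind DN and password from ldap_client_cred in the same dir.
ldap_client_notes() {
    n=0
    while IFS= read -r line; do
        key=${line%%=*}; val=${line#*=}; val=${val# }
        case "$key" in
        NS_LDAP_AUTH)
            if [ "$val" = "simple" ]; then
                echo "NOTE: NS_LDAP_AUTH=simple binds without TLS; the bind password crosses the wire in cleartext"
                n=$((n + 1))
            fi ;;
        NS_LDAP_CREDENTIAL_LEVEL)
            if [ "$val" = "proxy" ]; then
                echo "NOTE: proxy credential level also needs ldap_client_cred, readable by ftpd, in the jail"
                n=$((n + 1))
            fi ;;
        esac
    done < "$1"
    return $n
}

if [ $# -gt 0 ]; then
    check_chroot "$@"
fi
```

Run it as `sh check.sh /ftp` to compare the jail against the live root, and call `ldap_client_notes /ftp/var/ldap/ldap_client_file` for the review notes.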
